Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

test aaa ppp user

Syntax

Description

Verify Point-to-Point Protocol (PPP) subscriber access authentication, accounting, and address allocation configuration by creating a test pseudo session.

Note:

The test aaa command supports all RADIUS-sourced attributes, both IETF standard attributes and Juniper Networks VSAs. Received attributes are displayed in the output. For information about standard RADIUS attributes, see Standard and Vendor-Specific RADIUS Attributes. For information about Juniper Networks VSAs, see Standard and Vendor-Specific RADIUS Attributes.

Note:

Starting in Junos OS Release 19.3R1, the XML output format has changed. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.

Options

username

Subscriber username to test.

agent-remote-id ari

(Optional) Value of the DSL Forum Agent-Remote-Id (VSA 26–2).

logical-system logical-system-name

(Optional) Logical system in which the subscriber is authenticated. This is the logical system in the AAA LS:RI context for the subscriber. This context differs from the subscriber context, which is the LS:RI in which the subscriber is placed, by either the Virtual-Router VSA (26-1) or the Redirect-VRouter-Name VSA (26–25).

no-address-request

(Optional) Request is sent for authentication without address allocation. Use for Layer 2-only scenarios where no address allocation request is needed.

Note:

The test aaa ppp user command tries to allocate an IPv4 address even when the subscriber is supposed to get only an IPv6 address. If that behavior is undesirable, include the no-address-request option when you issue the command.

password password

(Optional) Password associated with the username.

profile access-profile-name

(Optional) Access profile associated with the subscriber.

Note:

The system logically treats this profile as a client-level configuration. An access profile configured in a domain map takes precedence over client-level configurations. If you have configured one or more domain maps, the username for the user under test is evaluated against the domain maps the same as any other subscriber.

For example, the username can exactly match a domain map or partially match a wildcard domain map. If it matches neither of those, then it matches the default domain map if it is configured. If the username has no domain or realm ,then it matches the none domain map, if it is configured.

The consequence is that if the test user matches any configured domain map, then an access profile configured in that map is used for the test in preference to an access profile that you specify with the test command.

See Specifying an Access Profile in a Domain Map for more information about domain maps and access profiles.

routing-instance routing-instance-name

(Optional) Routing instance in which the subscriber is authenticated. This is the routing instance in the AAA LS:RI context for the subscriber. This context differs from the subscriber context, which is the LS:RI in which the subscriber is placed, by either the Virtual-Router VSA (26-1) or the Redirect-VRouter-Name VSA (26–25). In the case of VSA 26-25, the subscriber is re-authenticated in the subscriber context.

service-type service-type

(Optional) Value of the Service Type RADIUS attribute [6] that is associated with the test user; either a number in the range 1 through 255 or one of the following strings that corresponds to an RFC-defined service type; the numbers are the values that are carried in the RADIUS attribute to specify the service:

administrative (6)

callback-nas-prompt (9)

authenticate-only (8)

framed (2)

call-check (10)

login (1)

callback-admin (11)

nas-prompt (7)

callback-framed (4)

outbound (5)

callback-login (3)

terminate-code code-value

(Optional) Code associated with the subscriber termination.

Required Privilege Level

view

Output Fields

When you enter this command, you are provided feedback on the status of your request. For information about output fields related to authentication, accounting, and subscriber-specific information, see the show network-access aaa statistics, show network-access aaa statistics authentication, show network-access aaa subscribers, and show subscribers commands.

The test command does not support volume-time accounting. If volume-time accounting is configured for the test subscriber, the test command replaces the statistics with time-only accounting statistics.

This command displays only attributes that are supported by Junos OS; these attributes appear even when their values are not set. The Virtual Router Name (LS:RI) field matches the Juniper Networks Virtual-Router VSA (26-1), if present; otherwise the field displays default:default. The displayed value for all other attributes that are not received is <not set>.

Sample Output

test aaa ppp user

The following example tests the configuration for PPP subscriber user98BEDC and password $ABC123, and displays the resulting output:

test aaa ppp user (tunneled user)

The following example tests the configuration for PPP tunneled subscriber accounting14, with password $ABC123 and access profile finance-b, and displays the resulting output:

test aaa ppp user (authentication failure)

The following example shows sample output when the authentication grant fails due to an invalid password:

test aaa ppp user (XML Output, Old Format)

The following example shows an excerpt of sample XML output in the old format:

test aaa ppp user (XML Output, New Format)

The following example shows an excerpt of sample XML output in the new format:

Release Information

Command introduced in Junos OS Release 11.2.

Option terminate-code added in Junos OS Release 11.4.

Option agent-remote-id added in Junos OS Release 14.1.

Options no-address-request and service-type added in Junos OS Release 16.1.